@@ -10,7 +10,7 @@ import {Log} from '../logging.js';
1010
1111import { Argv } from 'yargs' ;
1212import { AuthenticatedGitClient } from './authenticated-git-client.js' ;
13- import { GITHUB_TOKEN_GENERATE_URL } from './github-urls .js' ;
13+ import { ChildProcess } from '../child-process .js' ;
1414
1515/** Sets up the `github-token` command option for the given Yargs instance. */
1616export function addGithubTokenOption < T > ( argv : Argv < T > ) {
@@ -23,7 +23,7 @@ export function addGithubTokenOption<T>(argv: Argv<T>) {
2323 type : 'string' ,
2424 default : '' ,
2525 defaultDescription : '<LOCAL_TOKEN>' ,
26- description : 'Github token. If not set, token is retrieved from the environment variables. ' ,
26+ description : 'Github token. If not set, a token is retreived via the gh CLI ' ,
2727 // We use the coerce function as a way of allowing the user to provide the value, otherwise
2828 // looking for it in the environment.
2929 coerce : configureGitClientWithTokenOrFromEnvironment ,
@@ -32,21 +32,49 @@ export function addGithubTokenOption<T>(argv: Argv<T>) {
3232}
3333
3434/**
35- * If the github token is able to be determined, either by being provided as a parameter or being
36- * present in the environment, it is used to set the configuration for the AuthenticatedGitClient.
37- * Otherwise, an error is thrown.
35+ * If the github token is able to be determined, either by being provided as a parameter, retrieved
36+ * via the gh CLI or being present in the environment, it is used to set the configuration for the
37+ * AuthenticatedGitClient. Otherwise, an error is thrown.
3838 *
3939 * We explicitly return void for this function to allow this function to be used as a `coerce`
4040 * function for yargs. This allows for the option, `github-token` to be available for users without
4141 * including it in the generated types for the `Argv` object on a command, helping us to enforce
4242 * that the token should only be accessed from the AuthenticatedGitClient itself.
4343 */
4444export function configureGitClientWithTokenOrFromEnvironment ( token : string | undefined ) : void {
45- const githubToken = token || ( process . env [ 'GITHUB_TOKEN' ] ?? process . env [ 'TOKEN' ] ) ;
46- if ( ! githubToken ) {
47- Log . error ( 'No Github token set. Please set the `GITHUB_TOKEN` environment variable.' ) ;
48- Log . error ( 'Alternatively, pass the `--github-token` command line flag.' ) ;
49- Log . warn ( `You can generate a token here: ${ GITHUB_TOKEN_GENERATE_URL } ) ;
45+ const determineToken = ( ) => {
46+ if ( token ) {
47+ Log . debug ( 'Recieved github token via --github-token flag' ) ;
48+ return token ;
49+ }
50+
51+ try {
52+ /** Silent mode is used to prevent the token lookup from being printed into the logs. */
53+ const mode = 'silent' ;
54+ const ghCliToken = ChildProcess . spawnSync ( 'gh' , [ 'auth' , 'token' ] , { mode} ) . stdout . trim ( ) ;
55+ if ( ghCliToken ) {
56+ Log . debug ( 'Retrieved github token via gh CLI' ) ;
57+ return ghCliToken ;
58+ }
59+ } catch ( err ) {
60+ Log . debug ( 'Failed to retrieve github token via gh CLI' ) ;
61+ Log . debug ( err ) ;
62+ }
63+
64+ // TODO(josephperrott): remove support for retrieving tokens via the environment.
65+ const envToken = process . env [ 'GITHUB_TOKEN' ] ?? process . env [ 'TOKEN' ] ;
66+ if ( envToken ) {
67+ Log . warn ( ' ⚠ Retrieved github token via environment variable, retrieving tokens via' ) ;
68+ Log . warn ( ' environment variables has been deprecated and will be removed in the future' ) ;
69+ Log . warn ( ' please set up authentication via the Github CLI for future use.' ) ;
70+ return envToken ;
71+ }
72+ return undefined ;
73+ } ;
74+ const githubToken = determineToken ( ) ;
75+ if ( githubToken === undefined ) {
76+ Log . error ( ' ✘ No Github token set. Please configure authentication using the Github CLI.' ) ;
77+ Log . error ( ' Alternatively, pass the `--github-token` command line flag.' ) ;
5078 throw Error ( 'Unable to determine the Github token.' ) ;
5179 }
5280
0 commit comments